none
Read Cert Revocation List and move to Certificate Store RRS feed

  • Question

  • I am using the following code to programmatically add a RootCA into the Trusted Root CA folder on local machine. All of the uncommented code works fine.

                Dim CAstore As New X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine)
                Dim rootCert As New X509Certificate2(TempFolderPath & "RootCA.cer", "", X509KeyStorageFlags.PersistKeySet & X509KeyStorageFlags.MachineKeySet)
                CAstore.Open(OpenFlags.ReadWrite)
                CAstore.Add(rootCert)
                'rootCert = New X509Certificate2(TempFolderPath & "RootCA.crl", "", X509KeyStorageFlags.PersistKeySet & X509KeyStorageFlags.MachineKeySet)
                'CAstore.Add(rootCert)
                CAstore.Close()

    As can probably be seen from the two commented out lines, I would also like to move a file-based CRL into the certificate store, but the X509Certificate2 class will not allow it. Is there another way to accomplish this?


    Cheers, John

    Wednesday, September 2, 2015 11:43 PM

Answers

  • Hi John,

    When check X509Certificate2 class, please check in remarks section.

    If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

    >>I would also like to move a file-based CRL into the certificate store, but the X509Certificate2 class will not allow it. Is there another way to accomplish this?

    Several functions add a certificate context or a link to a context to a store. Working with Certificates in Certificate Stores

    A file-based CRL. For certificates already in certificate context form:

    For certificates that are in encoded form but not full certificate contexts:   

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.




    • Edited by Kristin Xie Thursday, September 3, 2015 3:34 AM
    • Marked as answer by j_dublevay Thursday, September 3, 2015 10:13 PM
    Thursday, September 3, 2015 3:33 AM

All replies

  • Hi John,

    When check X509Certificate2 class, please check in remarks section.

    If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

    >>I would also like to move a file-based CRL into the certificate store, but the X509Certificate2 class will not allow it. Is there another way to accomplish this?

    Several functions add a certificate context or a link to a context to a store. Working with Certificates in Certificate Stores

    A file-based CRL. For certificates already in certificate context form:

    For certificates that are in encoded form but not full certificate contexts:   

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.




    • Edited by Kristin Xie Thursday, September 3, 2015 3:34 AM
    • Marked as answer by j_dublevay Thursday, September 3, 2015 10:13 PM
    Thursday, September 3, 2015 3:33 AM
  • Thank you. In the end, I couldn't actually get what I was trying to do to work, so I decided to disable CRL anyway. It really is not important for my simple purposes. I will mark yours as the answer though.

    Cheers, John

    Thursday, September 3, 2015 10:13 PM